Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility | But can you really take crims at their word? | Security, 16 Dec 2024
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' | [Interview] Security chief talks to El Reg as Feds urge everyone to use encrypted chat | CSO, 05 Dec 2024
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? | [Analysis] Meanwhile, CISA chief Jen Easterly will step down prior to inauguration | Public Sector, 23 Nov 2024
Here's what happens if you don't layer network security – or remove unused web shells | TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated | Security, 22 Nov 2024
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' | [Updated] Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds | Research, 14 Nov 2024
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue | Plus: CISA's ScubaGear dives deep to fix M365 misconfigs | CSO, 14 Nov 2024
The US government wants developers to stop using C and C++ | [Opinion] Does anyone want to tell Linus Torvalds? No? I didn't think so | Software, 08 Nov 2024
FortiManager critical vulnerability under active attack | [Updated] Security shop and CISA urge rapid action | Cybersecurity Month, 23 Oct 2024
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch | Plus, a POC to make it extra easy for attackers | Security, 23 Oct 2024
Critical hardcoded SolarWinds credential now exploited in the wild | Another blow for IT software house and its customers | Security, 16 Oct 2024
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing | Poor use of PHP include() strikes again | Cybersecurity Month, 02 Oct 2024
Extracting vendor promises won't fix cybersecurity. Extracting teeth might | [Opinion] One branch of tech has learned to work together to solve the near-impossible. Now it's our turn | Applications, 30 Sep 2024
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks | Thousands of devices remain vulnerable, US most exposed to the threat | Security, 24 Sep 2024
Ivanti patches exploited admin command execution flaw | Fears over chained attacks affecting EOL product | Patches, 20 Sep 2024
CISA boss: Makers of insecure software must stop enabling today's cyber villains | Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' | Software, 20 Sep 2024
Check your IP cameras: There's a new Mirai botnet on the rise | [Infosec in brief] Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more | Security, 31 Aug 2024
RansomHub hits 210 victims in just 6 months | The ransomware gang recruits high-profile affiliates from LockBit and ALPHV | Cyber-crime, 30 Aug 2024
Iran named as source of Trump campaign phish, leaks | Political stirrer Roger Stone may have been a weak link after personal emails cracked | Security, 20 Aug 2024
US elections have never been more secure, says CISA chief | [Black Hat] Election tech is fine – it's all those idiots buying into the propaganda that's worrying Jen Easterly | Security, 08 Aug 2024
FBI, CISA remind US voters that DDoS attacks can't touch election systems | PSA comes amid multiple IT services crises in recent days | Cyber-crime, 01 Aug 2024
CISA broke into a US federal agency, and no one noticed for a full 5 months | Red team exercise revealed a score of security fails | Security, 12 Jul 2024
CISA director: US is 'not afraid' to shout about Big Tech's security failings | Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration | CSO, 01 Jul 2024
CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities | Crafty crims broke in but encryption stopped any nastiness | Cyber-crime, 25 Jun 2024
7-year-old Oracle WebLogic bug under active exploitation | Experts say Big Red will probably re-release patch in an upcoming cycle | Malware Month, 06 Jun 2024
RSA Conference 2024: The good, the bad, and the downright worrying | [Kettle] If there's one thing infosec needs right now, it's a little pick-me-up | Spotlight on RSA, 14 May 2024
Uncle Sam urges action after Black Basta ransomware infects Ascension | Emergency ambulances diverted while techies restore systems | Cyber-crime, 13 May 2024
Critical infrastructure security will stay poor until everyone pulls together | [Interview] Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks | Public Sector, 11 May 2024
68 tech names sign CISA's secure-by-design pledge | [RSAC] Security's an uphill battle ... does this latest move have teeth? | Spotlight on RSA, 09 May 2024
CISA boss: Secure code is the 'only way to make ransomware a shocking anomaly' | [RSAC] And it would seriously inconvenience the Chinese and Russians, too | Spotlight on RSA, 08 May 2024
CISA's early-warning system helped critical orgs close 852 ransomware holes | [Interview] In the first year alone, that's saved us all a lot of money and woe | Spotlight on RSA, 07 May 2024
The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching | More work to do as most deadlines are missed and worst bugs still take months to fix | Patches, 07 May 2024
CISA says 'no more' to decades-old directory traversal bugs | Recent attacks on healthcare thrust infosec agency into alert mode | CSO, 06 May 2024
Federal frenzy to patch gaping GitLab account takeover hole | Warning comes exactly a year after the vulnerability was introduced | Cyber-crime, 02 May 2024
Psst, hey. It's the NSA. You want some AI security advice? | You can trust us, we're the good guys | AI + ML, 17 Apr 2024
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely | Hard-coded credentials last thing you want in home security app | Security, 15 Apr 2024
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online | CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software | Security, 03 Apr 2024
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws | Software slackers urged to up their game | Security, 26 Mar 2024
NVD slowdown leaves thousands of vulnerabilities without analysis data | [Opinion] Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work | Security, 22 Mar 2024
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert | You better watch out, you better not cry, better not pout, they're telling you why | Security, 21 Mar 2024
Microsoft reseller Bytes says more than 100 undisclosed share trades linked to ex-CEO | Surprise resignation of chief exec happened after FCA probe began, claims filing | Channel, 18 Mar 2024
Biden's budget proposal boosts CISA funding to $3B | Plus almost $1.5b for health-care cybersecurity | Security, 12 Mar 2024
Securing open source software: Whose job is it, anyway? | CISA announces more help, and calls on app makers to step up | CSO, 08 Mar 2024
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled | [Infosec in brief] ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns | Security, 04 Mar 2024
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks | Plan says to hand over keys to networks – and report intrusions within eight hours of discovery | Public Sector, 08 Feb 2024
Biden will veto attempts to kill off SEC's security breach reporting rules | Senate, House can try but won't make it past the Prez, says White House | Security, 01 Feb 2024
Wait, security courses aren't a requirement to graduate with a computer science degree? | [Comment] And software makers seem to be OK with this, apparently | CSO, 26 Jan 2024
CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique' | Election officials, judges, politicians, and gamers are in swatters' crosshairs | Cyber-crime, 23 Jan 2024
UK water giant admits attackers broke into system as gang holds it to ransom | Comes mere months after Western intelligence agencies warned of attacks on water providers | Cyber-crime, 23 Jan 2024
Future of America's Cyber Safety Review Board hangs in balance amid calls for rethink | Politics-busting, uber-transparent incident reviews require independence, less internal conflict | Security, 18 Jan 2024
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users | [Updated] National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks | Cyber-crime, 14 Dec 2023
Surprise! Email from personal. [email protected] is not going to contain good news | Internet plod highlight tactics used by cruel Karakurt crime gang | Cyber-crime, 14 Dec 2023
US and EU infosec authorities pen intel-sharing pact | As Cyber Solidarity Act edges closer to full adoption in Europe | Cyber-crime, 07 Dec 2023
A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list | Apparently no one thought to check if this D-Link router 'issue' was actually exploitable | Security, 06 Dec 2023
CISA details twin attacks on federal servers via unpatched ColdFusion flaw | Tardy IT admins likely to get a chilly reception over the lack of updates | Security, 05 Dec 2023
UK and US lead international efforts to raise AI security standards | 17 countries agree to adopt vision for artificial intelligence security as fears mount over pace of development | AI + ML, 27 Nov 2023
Ransomware royale: US confirms Royal, BlackSuit are linked | Royal alone scored $275M in past year as FBI, other agencies hot on merging trail | Cyber-crime, 14 Nov 2023
LockBit alleges it boarded Boeing, stole 'sensitive data' | [Security In Brief] ALSO: CISA begs for a consistent budget, Las Vegas school breach; Nigeria arrests six cyber princes, the week's critical vulnerabilities | Security, 30 Oct 2023
US cybercops urge admins to patch amid ongoing Confluence chaos | Do it now, no ifs or buts, says advisory | Patches, 17 Oct 2023
Regulator, insurers and customers all coming for Progress after MOVEit breach | [Infosec in brief] Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns | Security, 16 Oct 2023
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart | Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam | Security, 06 Oct 2023
CISA barred from coordinating with social media sites to police misinformation | The 5th Circuit's re-ruling adds CISA to a list of alleged first-amendment violators. Next stop: Supreme Court | Security, 04 Oct 2023
CISA boss says US alliance with Ukraine over past year is closer than Five Eyes | [Black Hat] And maybe shore up that critical infrastructure some more, America | Black Hat and DEF CON, 10 Aug 2023